All posts by Chinmoy Kanjilal

Chinmoy Kanjilal is a FOSS enthusiast and evangelist. He is passionate about Android. Security exploits turn him on and he loves to tinker with computer networks. He rants occasionally at Techarraz.com. You can connect with him on Twitter @ckandroid.

Ubuntu Oneiric Ocelot Will have ARM Support in the Server Edition

Ubuntu Oneiric Ocelot is around the corner. It is the successor to Natty Narwhal and brings promising improvements over it. Although many people are unimpressed by the beta release of Oneiric Ocelot, it has some impressive features nonetheless.

A new Firefox, a revamped software center and other behind-the-scenes changes all add up to a beautifully done Linux distro. However, one of those important behind-the-scenes changes is ARM support. Canonical has said that Ubuntu 11.10 will be the first to support both ARM and x86 processor architectures. In reality, support for ARM devices was introduced in version 11.04, but only for the desktop edition. With ARM support in the server edition, Ubuntu can claim full ARM support.

Canonical CEO Jane Silber puts it this way:

I know none of you are building your cloud on ARM architecture yet, but it’s a very promising architecture, and we’re very proud to be working with the leaders in that part of the ecosystem to bring that new capability to the open source world first. It is a significant move.

This shows how important servers with ARM processors will become in the future. Ubuntu simply wants to be ready for the day this happens. The current Linux server market is easily dominated by Red Hat, but Ubuntu has enough room to compete with it once ARM heads into the server market in full force.

A taste of the new Unity interface in Ubuntu 11.10 should get you warmed up for the arrival.

Keep a tab on the Ubuntu Oneiric countdown for the final release on October 13.

The Supreme Court of India Embraces Ubuntu Linux

In a bold move two months back, The Supreme Court of India decided that it should start using Ubuntu Linux as the primary Operating System across all courthouse-offices. The earlier Operating System across Indian courts was RHEL 5 (Red Hat Enterprise Linux), and that is why I call this transition a bold move. The quality of support provided by RHEL is unmatched in the world of Linux. It will be interesting to see how Ubuntu performs as a replacement, now that the transition is in process.

The Supreme Court prefers a customized version 10.04 of the Ubuntu distro for this migration. This deprives them of many new features of Ubuntu. However, Ubuntu 10.04 Lucid Lynx is the most stable one to come out after Ubuntu 8.04, so this choice is a wise one. There are over 17,000 courts in India that will be migrated over to this custom version of Ubuntu 10.04, as part of this plan.

The main obstacle to widespread adoption of open-source software has been the lack of vendor support. This issue is handled extremely well by Red Hat. However, when it comes to Ubuntu, users have to rely on documentation. Thankfully, the transition from RHEL to Ubuntu will be accompanied by user training. Additionally, a video tutorial and PDF file will be available at all times on the Supreme Court of India website.

For a welcome change, the guideline message says,

The Ubuntu Linux Operating System can be installed by the Judicial Officer on his own also as the installation process is very easy, intuitive and self-explanatory. In fact, it shall be a welcome change and a desired enablement on the part of the Judicial Officers if they become self-dependent in this aspect also.

This urges government officials to be familiar with the Ubuntu installation procedure and try it themselves. It also brings considerable cost cutting for the government.

The exact PDF document outlining the guidelines, features of Ubuntu and other technical details can be found at this link. Video tutorials for demo guides can be found at this page.

Was it Right of RMS to Take a Pop at a Dead Steve Jobs?

Richard Matthew Stallman is the President of the Free Software Foundation. He is a well-known champion of software freedom. He shaped some of the popular open-source software licenses that we conveniently enjoy today. It would have been a bad world out there without his determination, and we owe him that much. However, no matter how great some men are, it is not noble of them to make pejorative remarks about other great people, people whom the world holds in high esteem, especially on the occasion of their passing away.
If Richard Stallman changed the world of free software, Steve Jobs transformed the world of personal computers and computing devices. His efforts in the PC business were so groundbreaking that they threatened giants like IBM back in 1979. From those early days, Apple has come a long way and created some of the most innovative products we find around us today.

If you ask me personally, I am torn between two worlds here. I respect Steve Jobs for everything that he did, and RMS is the very face of everything I believe in. His exact statement was,

Steve Jobs, the pioneer of the computer as a jail made cool, designed to sever fools from their freedom, has died.

As Chicago Mayor Harold Washington said of the corrupt former Mayor Daley, “I’m not glad he’s dead, but I’m glad he’s gone.” Nobody deserves to have to die – not Jobs, not Mr. Bill, not even people guilty of bigger evils than theirs. However, we all deserve the end of Jobs’ malign influence on people’s computing.

Unfortunately, that influence continues despite his absence. We can only hope his successors, as they attempt to carry on his legacy, will be less effective.

At the risk of sounding defensive, I may cite here that “I’m not glad he’s dead, but I’m glad he’s gone” were not his own words. However, Stallman reveled in the death of Steve Jobs, and that was wrong of him. Nothing good will come out of this. It seems like an act of desperation, one that has brought shame to the world of FOSS.

Ubuntu 11.10 Will Bring Ubuntu Friendly- a Hardware Validation Program

The Ubuntu roadmap suggests that it will graduate to version 11.10 codenamed Oneiric Ocelot next month. With this new version of Ubuntu, we will see new features, one of them being Ubuntu Friendly. Ubuntu Friendly is a user-feedback system that determines whether Ubuntu runs smoothly on particular hardware or not.
The Ubuntu Friendly wiki explains the system as,

Ubuntu Friendly is an open hardware validation programme for desktops, netbooks and laptops that will be developed during the Oneiric cycle and that will allow to validate as “Ubuntu Friendly” those systems that are known to work well with a particular release of Ubuntu, based on test results sent by Ubuntu users.

The basic aim of the system is to make life easier for Ubuntu users and to help them decide which laptops and desktops to buy. The review system, however, is not completely user-controlled. There is software that runs the review test and it is already available in a Launchpad PPA. The Ubuntu Friendly brand is owned by Canonical. However, there are no commercial criteria for a system to be Ubuntu Friendly. It just needs to pass the test successfully.

The Ubuntu Friendly program has two teams: the Ubuntu Friendly Squad and the Ubuntu Friendly Control. The Ubuntu Friendly Squad will collect test results, check them for completeness and sort them out. It will also maintain documentation for the program and write new tests for Ubuntu Friendly. Ubuntu Friendly Control is more about managing the Ubuntu Friendly community as a whole. It will have rights to add and remove members from the program and manage results so that they do not bias the system.

While collecting user-reviews and system compatibility data, the Ubuntu Friendly program will also give Ubuntu users a feeling of being a part of the community. It will be interesting to see whether users take interest in this review system or not.

For more information on Ubuntu Friendly, take a look at their FAQ page.

Is Firefox Serious About Blocking the Java Plugin?

Firefox is the second most popular web browser and it has held this title for too long. Projected figures show that it is going to lose the title in December. However, an ongoing discussion at Mozilla might accelerate that. The discussion is on whether Firefox should allow the Java plugin, which is used for almost all transactions (not just online banking transactions) across the world.
A new attack has been identified that decrypts web traffic and can dig through sensitive and personal information being sent over a transaction. The attack has been termed the BEAST (Browser Exploit Against SSL/TLS) attack and it has been demonstrated successfully in a proof-of-concept hack.

Dan Goodin from The Register talks about the BEAST exploit:

The vulnerability resides in versions 1.0 and earlier of TLS, or transport layer security, the successor to the secure sockets layer technology that serves as the internet’s foundation of trust. Although versions 1.1 and 1.2 of TLS aren’t susceptible, they remain almost entirely unsupported in browsers and websites alike, making encrypted transactions on PayPal, GMail, and just about every other website vulnerable to eavesdropping by hackers who are able to control the connection between the end user and the website he’s visiting.

The Public Key Infrastructure has three core services to take care of: authentication, integrity and confidentiality. Authentication makes sure that the people at either end of the transaction are indeed who they claim to be. Integrity ensures that the data being transmitted is sent and received in the same form without alteration. Confidentiality deals with hiding the data from prying eyes, making the data comprehensible only to the people at either end. The BEAST attack goes after confidentiality and breaks it successfully.

Bug 689661 on Mozilla’s Bugzilla lists a favored solution: blacklisting all versions of the Java plugin. This will affect all corporate businesses (ones that are transaction based) and some regular features of services that explicitly rely on the Java plugin, such as Facebook video chat.

Currently, the only web-browser that is attempting to secure against this attack (without removing Java support) is Google Chrome.


Things Turn Bitter as Burp Starts Stealing Restaurant Data from Zomato

Up until mid-2009, it was extremely difficult to look up restaurant information online, for Indian cities. From those early founding days of Fooodiebay to present times, Zomato has grown by leaps and bounds and the credit goes to their dedicated team. Today, almost everyone in India has searched for restaurants on Zomato at least once.


With a business like this, updated content sits at the heart of everything. The core asset of a company like Zomato is all the restaurant data they collect over time. However, the business requires this data to be made publicly available as information, and this is where things can get ugly.

It is extremely tempting for any competing business to reuse (read steal) a competitor’s data. Zomato is extremely disappointed at Burp for doing exactly that. Building a database of 18,000+ restaurants with nearly complete menus is not a day’s work. It requires building from the ground up, and Zomato has worked day and night to make it happen. If you think this is an easy job and it ends here, let me tell you, the data is updated every three months.

In case there is any question about proof of this accusation, perhaps Deepinder Goyal from Zomato has the best thing to say:

Any local search company such as ours, most of the times has unique/proprietary data points being shown on the website. These data points are proprietary to the business in a manner of representation and/or collection and any malicious competitor activity can be easily tracked when these data points show up on their website.

Zomato was trying out a new business model in which they provided phone numbers for reservations. These phone numbers belonged to Zomato representatives, who reserved tables on behalf of the customer. Moreover, they also have a GPS tracking system of their own. Exact coordinates up to five digits of precision appeared on the Burp listings.

Zomato has also tracked down an employee from Burp who is migrating content over from their website. Burp has sent passive replies like,

This was a user upload, we have nothing to do with this, and we will take down the listing. Thanks for keeping an eye on us. And please don’t make a mountain out of a molehill. We maintain 150,000 listings, so we don’t bother about copying your data at all. We don’t do such things.

It is time Burp kept its nose out of Zomato’s business and acted responsibly.

Update:
Following the blog post made by Zomato, Burp has written a reply on their own blog. This time, they have accused Zomato of foul play and their defense points are interesting. We will see how the matter unfolds very soon.

Oracle Assumes MySQL is Open Core, Invites the Wrath of the Open Source Community

There has to be a day when Oracle stops disappointing the world of open source. Right after the acquisition of Sun Microsystems, everything Oracle has done has sent the open-source projects under Sun Microsystems sliding downhill. Recently, many publications have been talking about MySQL becoming open-core, but if we look closely, Oracle started out with this very outlook for MySQL! To be precise, Oracle says in its announcement of commercial extensions for MySQL,

Continuing the business model of MySQL, we are adding three new commercial extensions to MySQL Enterprise Edition.
Existing commercial customers who are entitled to a MySQL Enterprise Edition subscription can log into My Oracle Support and download these immediately.
For others who want to try these new capabilities, we will make them available shortly, via the 30-day free trial of MySQL Enterprise Edition.

Tell me why that does not sound familiar. We have seen this ideology earlier. Both Eclipse and Cygwin are based on the ideology of Open Core and MySQL seems to be taking the same path. Something about this open-core model does not seem right. At least, it does not fall in line with the four basic freedoms of free software, namely,

  • The freedom to run the program, for any purpose (freedom 0)
  • The freedom to study how the program works, and change it so it does your computing as you wish (freedom 1)
  • The freedom to redistribute copies so you can help your neighbor (freedom 2)
  • The freedom to distribute copies of your modified versions to others (freedom 3)

Open core maintains a feeling of goodwill while taking away the aesthetic value of these freedoms. With this move, Oracle shows that it has the right to distribute MySQL components as commercial products. In other words, what would otherwise have arrived as an enhanced version of MySQL with added features will come as MySQL with commercial enhancements.

Mitsubishi Heavy- Japan’s Top Defense Contractor, Gets Hacked

Japan’s top defense contractor, Mitsubishi Heavy, has confirmed that it was a victim of a cyber-attack recently. The hack attempt targeted submarine, missile and nuclear plant data stored on their computers. Reportedly, malware was found on almost 80 computers inside the company, including 45 servers and 38 PCs. This confirms that there were 80 infected computers running at 11 Mitsubishi Heavy sites for an uncertain period, nearly half of which were servers.


The attacks on Mitsubishi Heavy were spotted for the first time on August 11 and the intrusion seems to have come from a spear-phishing attack. This form of phishing involves sending spoofed emails to the recipient, made to look like they come from a known email address. The day of this attack was the 80th anniversary of the Manchurian incident.

China has denied involvement with this attack. Chinese Foreign Ministry spokesperson Hong Lei says,

Such allegations are groundless. The Chinese government has always opposed Internet hacking. Chinese laws prohibit hacking and other cybercrimes. I would like to emphasize that the Chinese government is willing to cooperate with other countries to fight against cybercrimes including hacking.

The matter is still under investigation and a Mitsubishi Heavy spokesperson has said,

There is no possibility of any leakage of defense-related information at this point.

Mitsubishi Heavy is the largest and the most reputed defense contractor in Japan. IHI (Ishikawajima-Harima Heavy Industries), another defense contractor in Japan, was also hit by a similar attack. While Mitsubishi Heavy specializes in submarine technology, IHI is famous for its aircraft turbochargers.

This event has occurred four months after the largest defense contractor in the US was hit by a cyber-attack. In both these cases, it is amusing to see how China is linked to every cyber-attack on defense contractors.

(Via: WSJ, Source: Al Jazeera)

IIS Web Server Share at an All-time Low, Nginx Rises, Apache Rules

Apache has been the predominant web-server since the early days of the internet. It has remained so for years and there is no doubt that it will remain so for years to come. The second most popular web-server is, no doubt, Microsoft’s IIS. It is quite popular and is a necessity if you are using Microsoft technologies to develop web-applications.

Around three years back, IIS was catching up and for a moment, it looked like Apache was losing ground. However, since 2007, Apache has been on a constant rise and has captured 65% of the web-server market today. This comes as a surprise, since Microsoft has worked extensively towards pushing its web technologies. ASP.NET and Silverlight are impressive enough. In spite of this, the current market share of IIS stands at 16%. This is déjà vu from 1997, when IIS had exactly this share of the web-server market.


The dip can be attributed to the fact that the IIS web-server runs only on a Windows environment. Moreover, a huge array of open-source software like Linux, BIND, and FreeBSD are popular on the web-server. On the contrary, IIS has no such supporting technology. A holistic view of the current situation shows a dark future for Microsoft web-technologies.

Other than the obvious dip in IIS share and the dominant rise in Apache share, some other interesting results appear in the above graph. We see a period from June 2009 to December 2009 when both Apache and IIS registered a dip and there was a remarkable rise in unconventional web-servers.

Interestingly, the second most popular open-source web-server, Nginx has registered a continuous rise in market share since 2008. It is indeed sad to see how the once dominant Sun server disappears in this graph.

(Via: Pingdom, Source: Netcraft)

How Were the Names on the World Trade Center Memorial Arranged?

It has been ten years since the September 11 attack at the World Trade Center. Thousands of lives were lost in the attack that shook the world and the frightful images from the attack are still fresh in my mind.

A bronze memorial engraved with names of all victims has been laid out to commemorate all the lives lost at the attack. It names all those who lost their lives and there are 2,983 names in there. However, you will be surprised to know that these names are not arranged in alphabetical order or any other common order known to man. The arrangement is in a particular fashion, where these names are placed as nodes in a network of their relations to one another.


The relating factors are both professional and social. The work of sorting out those thousands of names and placing them in this complex network is attributed to Jer Thorp, who is a Data Artist at the New York Times and has long-standing experience in visualizations.

The arrangement of names on the memorial makes use of “meaningful adjacency”, the data for which was collected by asking the families of victims. Some of the adjacency is also based on the place of accident. With over 2900 names as nodes and over 1200 relations as edges, the result would have been an enormous graph. The handling of this huge dataset was done using an open-source language called Processing.

Processing is an open source programming language and environment for people who want to create images, animations, and interactions. Initially developed to serve as a software sketchbook and to teach fundamentals of computer programming within a visual context, Processing also has evolved into a tool for generating finished professional work. Today, there are tens of thousands of students, artists, designers, researchers, and hobbyists who use Processing for learning, prototyping, and production.

The use of Processing brought significant elegance to the work, and as CNET says,

This led to about 99 percent of the requested adjacencies being honored. In addition, the system tackled problems such as name length, spacing between lines and potential interference between letters, and other aesthetic challenges–such as the fact that 12 panels are irregularly shaped. The designers worked with the output to produce the tribute.

Processing has also been used for other visualization work as exhibited here in this gallery.

(Image via: Scientific American)

Certificate Authority GlobalSign Loses Critical Data to ComodoHacker

Over the last few months, we have seen sophisticated and well-organized attacks on various websites and web-services. While some of these attacks were aimed at proving vulnerabilities, others were carried out to raise concerns against policies and actions taken by these agencies, organizations and at times, governments. Whatever the case, in all these situations the end user always suffered the most. The recent course that this hack-and-breach fest has taken (not necessarily by the same hacker groups) is towards certificate authorities.
Certificate Authorities are the bodies that issue certificates to certify a website or a web-service as genuine. Whenever we visit a website over SSL or TLS, the site presents a certificate issued by such an authority, which the browser uses to validate the site. This is used to verify the website as well as its integrity.

On July 10 2011, ComodoHacker attacked the Certificate Authority DigiNotar. This attack led to the creation of fake Gmail certificates that were used for man-in-the-middle attacks. This time, the same hacker, ComodoHacker, claims to have hacked another Certificate Authority: GlobalSign. The hacker claims that he has large amounts of data from the Certificate Authority, including emails, database backups, customer data and other sensitive information, all of which he plans to release in the near future.

The Pastebin message announcing this says,

I have ALL emails, database backups, customer data which I’ll publish all via cryptome in near future), GlobalSign (I have access to their entire server, got DB backups, their linux / tar gzipped and downloaded, I even have private key of their OWN globalsign.com domain

Following this breach, GlobalSign has stopped issuing security certificates after internal investigations proved that the breach was indeed genuine.

 

Oracle Changes its JDK Licensing, Oracle JDK No More Available for Linux Distros

As part of its acquisition of Sun Microsystems, Oracle also acquired the Java technology. Oracle has the enterprise sector in its grip now (Java and Oracle database). However, we cannot forget how erratic it has been in handling delicate issues like the OpenSolaris project or the ongoing infringement case against Android. It has repeatedly failed to earn the trust of the Open Source community, something that Sun Microsystems had in abundance.


Java is a wonderful technology. This video from 2006 will tell you why.

The Java development kit comes in two flavors. While Oracle JDK (earlier Sun JDK) is under the Binary Code License (earlier Sun License), OpenJDK is under GPL with a linking exception. From JDK version 7, Oracle has planned to support OpenJDK and withdraw the Operating System Distributor License for Java. This has resulted in a withdrawal of Oracle JDK from the repositories of Linux distributions. As a further restriction, you cannot even download Oracle Java for any Linux distribution anymore.

OpenJDK has always suffered because of the unfair nature of the competition and it is said to have some serious bugs. These pitfalls never allowed it to rise to fame but now, things are looking better for OpenJDK. Oracle itself has taken an interest in OpenJDK development. Perhaps for uniformity, it has declared OpenJDK as the official Java SE reference from JDK 7 onwards.

This is the second game changing event in the world of Java since May 2007, when it went completely open-source and the Java code was released under GPL. With IBM, Oracle, Apple, SAP, RedHat and other big names working on the OpenJDK project, we will surely see the best of Java in future.

Do you want to know how OpenJDK fares against Oracle JDK? Read this Stack Overflow question.

Huge Security Hole Discovered in BSNL Internal Application Dotsoft

BSNL is India’s largest telecom provider, a game changer in the telecom industry in India and probably the only organization that drives competition in this sector by going out of its way. The success of BSNL in India can be attributed to a number of factors, the primary one being its ties with the Government. The Government of India owns BSNL, and BSNL is also a strategic partner for the Government of India. This makes BSNL a powerful organization when it comes to the telecom industry and as the good old saying goes, “with great power comes great responsibility”.

BSNL has been hacked numerous times in the past. Last year in August, Pakistani hackers pwned BSNL India’s Punjab website and managed to get hold of user data. There was a déjà vu in July (last month) when the Pakistani Cyber Army hacked a BSNL website (again!). Now, we are seeing another security hole in a BSNL website, which can compromise numerous employee accounts inside the organization.


The Dotsoft application used by BSNL for its internal operations is a flawed one when it comes to security. As you can see, the application allows public access, for anyone to modify any internal user account at BSNL. The Dotsoft project page (probably) at BSNL explains it as,

Dotsoft is in-house developed software, integrating the Commercial Activities, Telecom Billing & Accounting, FRS and Directory Enquiry. It has been implemented in 171 SSAs (Districts) across the country.
All the SSAs of Andhra Pradesh, Tamil Nadu, Karnataka, Assam, Punjab, Chhattisgarh and Gujarat Telecom Circles have implemented it. Rest of SSAs is from states of Maharashtra, Madhya Pradesh, Uttar Pradesh, Rajasthan, J&K and Haryana. Many Telecom Circles like Bihar Telecom Circle, Orissa Telecom Circle and Uttaranchal Telecom Circle are in various stages of finalizing the plans for implementation of Dotsoft in their SSAs.

Clearly, this application holds extreme value inside the organization as it forms a critical part of their business. A severe security vulnerability like this should be fixed immediately. Any plans to extend this application across more states without fixing this vulnerability might put BSNL in jeopardy.

Anonymous Decides to Take Down Facebook on November 5, but Not Everybody is Joining In

Facebook is notorious for its confusing privacy settings and for the way it handles personal data of its users. It changes privacy settings too often and the matters with Facebook privacy are so volatile, they are nothing less than annoying.

In response to Facebook’s outlook towards its users, a few members from the hacker collective Anonymous have decided to take down Facebook on November 5 as declared in OP_Facebook. This is their Vendetta-style justice for all of Facebook’s wrongdoings. You can see the YouTube video with a message announcing Operation Facebook.


The video claims that Facebook sells our personal information to government agencies and information security firms. It also names two governments in the message, one being Syria. This did not surprise me, as the website of the Syrian defense ministry was defaced a few days ago, and its contents replaced with a message from Anonymous.

Now, some things are clear from this YouTube video. The video is of lower quality than what we are used to seeing from Anonymous. This means that either it is a prank, or it is from a much smaller sub-section of Anonymous, which will not draw support from the rest of them.

The YouTube account holding the video was created on July 16, as was the Twitter account for OP_Facebook. Moreover, the attack date of 5 November 2011 is nearly three months from now. Anonymous would never give a three-month notice. The Anonymous I knew would never lose its flair doing this!

The YouTube video does not sound like it really came from Anonymous, which talks in a very different tone than this one. This seems to be a big hoax and there is a good chance that Facebook might not face demise on November 5. For a service as widely distributed as Facebook, it would require all the Anonymous members to launch an attack, and this OP_Facebook is a failure even before it starts. Perhaps the AnonOps Twitter account spoke for the better half of Anonymous (not participating) when they said,

We prefer to face the real power and not to face to the same medias that we use as tools. #OpFacebook #Anonymous

The message posted in this YouTube video represents the views of only a few Anonymous members and the larger Anonymous does not seem to support the cause fully. If anything is interesting in this entire fiasco, it is Guy Fawkes Night.

Update: Gawker claims this video to be one of the remnants of the real OP Facebook, which was launched earlier this year, and abandoned later in July.

What Does Your Ten Year Old Do? This One Hacks Mobile Games!

Her pseudonym is CyFi. She does not like it when the cabbage in her farm-style game takes hours (in real time) to grow. So, what does she do? She hacks these games to make the crops grow faster. Meet CyFi from DefCon Kids. CyFi is just ten years old and she is the co-founder of DefCon Kids.


This budding hacker, who goes by the pseudonym CyFi, has discovered a zero-day exploit in Android and iOS games. This class of exploits lets her fast-forward through some games by fiddling with the clock on the mobile device. Some other games stubbornly refused to obey CyFi’s hacks. She pwned them by turning off the Wi-Fi and increasing the time in small increments. The Wi-Fi on these devices was probably used to detect abnormal usage by sending data back to the game servers.

Her crops grow faster and she is content with it. CyFi calls her vulnerability the Time Traveler. However, she has decided not to name the affected games. Independent security researchers have also identified this as a new class of security vulnerabilities in mobile games.

The matter will come to light at a new addition to the DefCon conference, the DefCon Kids. DefCon Kids aims to foster the hacker culture among young and budding enthusiasts.

Seth Rosenblatt from CNET had this to say:

CyFi’s mother, who must remain anonymous to protect her daughter’s identity, told CNET that at the end of CyFi’s presentation at DefCon Kids they would offer a $100 reward to the young hacker who found the most games with this exploit over the following 24 hours. The reward is sponsored by AllClearID, an identity protection company that is also sponsoring the DefCon Kids. This is the first year of DefCon Kids programming at the conference, a reflection of the fact that members of the hacking community are getting older and raising families.

This is not a serious security breach, considering that it will not result in any stolen data or anything remotely similar. However, it is a new class of hacks that will embarrass a number of Android and iOS game developers.
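
The clock trick described in this post works when a game trusts the device's own time. As an added example (not from the original post or from any game's code; the names, the four-hour grow time and the drift tolerance are assumptions), a game server can keep timers on its own clock and compare device-elapsed time with server-elapsed time, which also catches small offline increments once the device reconnects:

```python
"""Server-side check for device-clock tampering in a timer-based game.

Added illustration: all names, durations and thresholds are hypothetical.
"""
from dataclasses import dataclass, field

GROW_SECONDS = 4 * 3600   # assumed: a crop needs four real hours
DRIFT_TOLERANCE = 120     # assumed: honest clock drift we accept, in seconds


@dataclass
class Player:
    # Clock pair recorded once, when the device first registers with the server.
    anchor_server_ts: float
    anchor_client_ts: float
    crops: dict = field(default_factory=dict)   # crop_id -> server plant time
    flagged: bool = False                       # True once tampering is seen


def clock_drift(player, client_now, server_now):
    """Return how far the device clock has moved relative to the server clock.

    Both elapsed times are measured from the fixed anchor, so many small
    adjustments made while offline add up and show on the next contact.
    """
    client_elapsed = client_now - player.anchor_client_ts
    server_elapsed = server_now - player.anchor_server_ts
    drift = client_elapsed - server_elapsed
    if abs(drift) > DRIFT_TOLERANCE:
        player.flagged = True
    return drift


def plant(player, crop_id, server_now):
    """Record the planting time from the server clock, never the device's."""
    player.crops[crop_id] = server_now


def harvest(player, crop_id, client_now, server_now):
    """Decide a harvest request using server time only.

    The device-reported time is used for detection, not for the decision.
    """
    drift = clock_drift(player, client_now, server_now)
    if crop_id not in player.crops:
        return "no such crop"
    grown_for = server_now - player.crops[crop_id]
    if grown_for < GROW_SECONDS:
        if abs(drift) > DRIFT_TOLERANCE:
            return "rejected: clock tampering"
        return "not ready"
    del player.crops[crop_id]
    return "harvested"


if __name__ == "__main__":
    # Constructed sample: device clock jumped four hours, server saw 60 seconds.
    p = Player(anchor_server_ts=1000.0, anchor_client_ts=1000.0)
    plant(p, "cabbage", server_now=1000.0)
    print(harvest(p, "cabbage", client_now=1000.0 + GROW_SECONDS, server_now=1060.0))
    print("flagged:", p.flagged)
```

The design point is that the device clock is only ever evidence, never the authority: the grow timer is computed from two server timestamps, so changing the device time cannot shorten it.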